Open Redirect

Also known as URL redirection.
Vulnerability Name: Open redirect on [Parameter] at [Domain name]
Vulnerability Description: An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.

[Don't forget to add your own vulnerability description; the one given above is a general description.]

Payload: [Malicious payload]
Steps to Reproduce:
  1. Go to the [URL].
  2. Now change the value of [vulnerable param] to attacker.com.
  3. You will be redirected to the attacker-controlled domain.
Proof-of-concept: Snapshots or video link attached.
Impact:
  1. It can lead to a phishing attack.
  2. An attacker can push malware onto the victim's machine by redirecting the victim to an attacker-controlled server.
Attack Scenario: Here the attacker sends the crafted URL to the victim in an email or a message. Because the link begins with the legitimate domain, the victim has no reason to suspect a redirection.

[The above is a basic attack scenario; alter it according to the application's workflow.]

Remediation: If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways:
  • Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
  • Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.
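The following is an added example, not part of the original template and not SecurityBoat's code, showing the weak pattern this report describes next to the two remediations above. All hostnames (app.example.com, docs.example.com, attacker.example) and the allow-list entries are constructed placeholders. `redirect_by_index` implements the server-side list with an index parameter; `redirect_same_origin` is the fallback for applications that must keep a free-form `next` parameter, and it rebuilds the URL on the application's own host so scheme-relative (`//host`) and backslash variants cannot escape.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed placeholder for the application's own origin (not from the page).
APP_HOST = "app.example.com"

# Server-side allow-list of redirect destinations. The client passes an
# index into this list instead of a URL (second remediation above).
ALLOWED_TARGETS = [
    "https://app.example.com/dashboard",
    "https://app.example.com/account/settings",
    "https://docs.example.com/help",
]

# Safe landing page used whenever the supplied parameter is rejected.
DEFAULT_TARGET = ALLOWED_TARGETS[0]


def vulnerable_redirect_target(param: str) -> str:
    """Weak pattern from the report: the user-supplied value is placed
    verbatim in the Location header, so any external domain is accepted."""
    return param


def redirect_by_index(param: str) -> str:
    """Hardened pattern: the parameter is an index into ALLOWED_TARGETS.
    Non-numeric or out-of-range values fall back to DEFAULT_TARGET."""
    try:
        index = int(param)
    except (TypeError, ValueError):
        return DEFAULT_TARGET
    if 0 <= index < len(ALLOWED_TARGETS):
        return ALLOWED_TARGETS[index]
    return DEFAULT_TARGET


def redirect_same_origin(param: str) -> str:
    """Alternative hardening when a free-form 'next' parameter must remain:
    accept only an absolute path on this application and rebuild the URL
    with our own scheme and host, rather than echoing the input."""
    parsed = urlsplit(param)
    # Any scheme or authority component means an absolute or
    # scheme-relative URL (e.g. https://..., //host/...); reject it.
    if parsed.scheme or parsed.netloc:
        return DEFAULT_TARGET
    path = parsed.path
    # Require a single leading slash; backslashes are treated as slashes
    # by some browsers, so they are rejected outright.
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        return DEFAULT_TARGET
    return urlunsplit(("https", APP_HOST, path, parsed.query, parsed.fragment))


if __name__ == "__main__":
    # Constructed sample inputs a redirector might receive.
    for value in ("1", "99", "https://attacker.example", "//attacker.example",
                  "/account/settings?tab=security", "/\\attacker.example"):
        print(f"{value!r:40} index -> {redirect_by_index(value)}")
        print(f"{'':40} path  -> {redirect_same_origin(value)}")
```

`redirect_same_origin` deliberately reconstructs the URL from its validated parts instead of returning the input, so anything the parser did not recognise as a path component is discarded rather than passed through to the browser.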
@SecurityBoat Cybersecurity Private Limited